Age | Commit message | Author | |
---|---|---|---|
2013-09-24 | use token auth when accessing the api from webapp | Azul | |
One failing integration test still needs to be fixed | |||
2013-09-23 | This ensures that email addresses contain only lowercase letters, and that an identity's destination is a valid Email. | jessib | |
2013-09-23 | Merge branch 'develop' into feature/only_lower_case_aliases | jessib | |
2013-09-23 | security fix: clear srp data from db asap (#3686) | Azul | |
This is a quick fix for iSEC issue #13. | |||
2013-09-19 | Merge branch 'develop' into feature/only_lower_case_aliases | jessib | |
2013-09-19 | Merge pull request #82 from azul/feature/sessions-expire | jessib | |
Feature/sessions expire | |||
2013-09-18 | user.account shortcut to Account.new(user) | Azul | |
2013-09-17 | integration tests for session expiry | Azul | |
2013-09-09 | Merge branch 'develop' into feature/only_lower_case_aliases | jessib | |
2013-09-05 | For the moment, have identity's address handle aliased from login so we can use LoginFormatValidation. | jessib | |
However, this is not how we will want it eventually. One issue is that the error messages are set on login, rather than the appropriate field. | |||
2013-09-05 | Ensure that address in identity really is a LocalEmail. | jessib | |
2013-09-05 | Test of failing to add non-local email address as an identity's address. | jessib | |
2013-09-05 | Move handle method to Email model and have it work for local and non-local emails. | jessib | |
2013-09-04 | use /login instead of /sessions/new and test successful login | Azul | |
2013-09-04 | fix login form - use api session url | Azul | |
There's no non api sessions resource anymore. | |||
2013-09-03 | Merge pull request #73 from azul/bugfix/3623-teardown-test-data-properly | jessib | |
Bugfix/3623 teardown test data properly | |||
2013-09-03 | Merge pull request #75 from azul/feature/token-expiry | jessib | |
Token expiry | |||
2013-09-03 | Merge pull request #76 from azul/feature/3600-visual-feedback-on-failed-signup | jessib | |
Ensure json requests get json error response on failure | |||
2013-09-03 | clarify usage of V1::UsersController#index for autocomplete | Azul | |
[skip ci] | |||
2013-09-03 | use the login logout named route instead of sessions resource | Azul | |
The main part of the sessions resource now lives in the API. The two named routes are just fine for what is left. | |||
2013-09-03 | remove email aliases controller - we don't use it anymore | Azul | |
2013-09-03 | Cleanup sessions controller - webapp logs in through the api. | Azul | |
So the #create and #update actions were not needed anymore. Also removed the tests | |||
2013-09-03 | Account: Composition to handle User and its identities | Azul | |
We have a lot of things that act upon a user record and one or more of its identities at the same time: * Sign up: Create a user and its initial identity * Rename: Change the username and create a new identity, turn old into an alias * Cancel Account: Remove user and all their identities. In order to keep the User and Identity behaviour isolated but still have this logic represented in a single place the Account model deals with all these things. We could have overwritten the User#create, User#update and User#destroy methods instead. But then we would always create identities, even if we only need a user (for example in tests). | |||
2013-09-03 | cleanup records after running user integration tests | Azul | |
2013-09-03 | simplify users_controller_test | Azul | |
2013-09-03 | don't leave id records behind when unit testing | Azul | |
2013-09-03 | expire token according to config setting auth:token_expires_after | Azul | |
2013-09-03 | use Token#authenticate for authentication | Azul | |
This will return the user. But we can add timestamp validations and updates here. | |||
2013-09-03 | integration test for displaying internal server error during signup | Azul | |
2013-09-02 | Remove references to email_settings controller, which has been removed. An identities controller will replace it. | jessib | |
2013-08-30 | there's no need for User#find_by_param. clean it up | Azul | |
2013-08-27 | Not ideal way to do it, but was proving complicated to have a config file specify which gems for which environments. | jessib | |
Here, we have the billing gem included for the development and test environments only, hardcoded in the Gemfile. Then we show the links to billing based on a config file setting. The setting itself could be used to specify different types of billing, but isn't yet. | |||
2013-08-27 | Merge branch 'master' into billing_with_tests | jessib | |
2013-08-27 | refactor: Changing the py test to use less globals and session only locally. | Azul | |
2013-08-27 | use token to update user password | Azul | |
2013-08-27 | separate different tests for showing non-existent user | Azul | |
This way the failed stubbing errors were more telling | |||
2013-08-27 | token.user will get you the right user | Azul | |
This way we can stub the token to return the user directly. Stubbing User.find_by_param is not a good idea as it will make all calls to User#find_by_param with a different id fail. | |||
2013-08-27 | do not redirect if no token present | Azul | |
So far we allow two mechanisms of authentication: * session based * token based. If token fails session will be attempted in most cases. So we can't just redirect here or we get a double render error. | |||
2013-08-27 | make sure find_record still works with real records | Azul | |
2013-08-27 | clear token on logout with test | Azul | |
2013-08-27 | basic testing for token based auth in tests | Azul | |
2013-08-27 | first steps towards enabling token based auth | Azul | |
2013-08-27 | sort authentication controller extension | Azul | |
2013-08-27 | minor: remove puts line | Azul | |
2013-08-22 | Merge pull request #69 from azul/bugfix/update_user_password_through_api | jessib | |
Test updating user password through api | |||
2013-08-22 | Merge pull request #70 from azul/bugfix/validate_login_like_signup | jessib | |
use the same login validations on sessions and users | |||
2013-08-21 | Merge remote-tracking branch 'jessib/js_warning' | Azul | |
2013-08-21 | return 204 NO CONTENT on API logout | Azul | |
That's the only meaningful response. | |||
2013-08-21 | use the same login validations on sessions and users | Azul | |
The session ones were outdated so valid usernames could not log in if they contained a '.'. Refactored so both models use the same module for this validation to ensure consistency. | |||
2013-08-21 | also test updating the user password in python against dev.bm | Azul | |